Russia Expected to Increase Critical Infrastructure Attacks

Russia’s war strategy increasingly involves cybersecurity, with the country expected to ramp up attacks on critical infrastructure in Ukraine and countries that are members of NATO, according to Switzerland’s Federal Intelligence Service (FIS).

“The war in Ukraine represents a threat with partially global implications for critical infrastructure. Critical infrastructure outside the war zone could also be affected, at least indirectly,” Switzerland’s FIS said in its 2023 security assessment. “It is possible that operators of critical infrastructure will fall victim to ransomware attacks with increasing frequency. At the same time, the exposition to attacks will increase, because interconnectivity and the complexity of supply chains are growing.”

The FIS noted that while the war on Ukraine “has had little impact on the cyberspace of Switzerland or other states,” there are important lessons that have emerged from the conflict. “The war has shown where cyber can be used as a tool and where the limits lie. In the war against Ukraine, cyber is used chiefly for information operations or for tactical attacks on means of communication used primarily for military purposes,” FIS said.

In addition, cyberattacks can be used to amplify the impact of kinetic attacks. “For example, cyber tools can be used to temporarily disrupt the communications or infrastructure of emergency services in the target area, in order to slow down the follow-up assistance,” the FIS said.

The impact of broad-based cyberattacks on infrastructure has proven to have a short shelf life, with bombs still proving to be more efficient. “It is also hard to control the collateral damage caused by IT-based attacks,” the assessment said. “Moreover, there is the risk of so-called spillover effects, i.e. uncontrolled spread. With the exception of a few incidents at the beginning of the invasion, this has not occurred so far.”

The FIS still expects activities targeting critical infrastructure operators to increase. “This is typically due to the attacker’s increased need for information about the opposing side, but may also be used as a compensatory measure by the attacker where there has been a reduction in the number of intelligence staff deployed in the target countries,” the report said.

“Protecting the critical infrastructure of NATO nations is just as vital as protecting it from physical attacks because the consequences have the potential to be equally devastating,” said Darren Guccione, CEO and co-founder at Keeper Security.

“In the digital age, it’s clear that cyberwarfare and traditional warfare tactics will continue to converge as threat actors use cyberattacks to both support and supplement physical attacks,” said Guccione. “When used for political purposes, cyberattacks may be part of a larger effort to threaten operations, destabilize a government or disrupt critical infrastructure such as power grids, transportation networks and financial institutions. Certain malware can even be used to destroy evidence of network infiltration for purposes such as espionage.”

Critical infrastructure attacks are of growing concern among cybersecurity professionals. “Attacks against critical infrastructure have extensive impacts. Damage can range from disruptive inconveniences to economic stress to catastrophic life-altering or threatening impacts,” said Timothy Morris, chief security advisor at Tanium. “Collateral damage can happen as well with cyberattacks, as habitually happens with kinetic warfare.”

Callie Guenther, cyber threat research senior manager at Critical Start, said, “The economic fallout from successful cyberattacks could also be severe. If key sectors—say, financial institutions or vital industries—become targets, the attacks could trigger considerable financial losses and destabilize investor confidence.”

Those disruptions could cause a ripple effect, leading “to substantial economic turbulence in a matter of minutes,” said Guenther.

“We also have to consider the risk to national security. The risk is more than just damaging infrastructure or causing economic disruption; it also involves compromising sensitive governmental data,” she said. “Cyberattacks on defense systems or intelligence agencies could expose classified information, disrupt military activities or even strain diplomatic relations. Therefore, the concern goes beyond immediate damage and extends to long-term national security implications.”

Groups have emerged to defend the interests of the warring parties, and their missions include inflicting damage on their foes in the cybersphere. “Ukraine has issued an official appeal for volunteers to join the IT Army of Ukraine,” the report pointed out. “At the same time, pro-Russia groups such as KillNet have formed. These non-state actors will continue to pose a threat to critical infrastructure, as they are not always under the direct control of one of the two warring parties and consequently operate based on their own target identification.”

Russia may have lost many of its intelligence operatives who were expelled as the war progressed, but “the war is opening up opportunities for the Russian intelligence services to smuggle more of their own employees into Europe as refugees,” the FIS said. “The large number of refugees is likely making it possible for some members of the intelligence services to travel undetected and be admitted on a temporary basis.”

And “while there’s no publicly available empirical data that directly correlates the expulsion of human intelligence agents with an increase in digital espionage activities, the trend toward digital espionage has been clearly on the rise for the past several decades, irrespective of expulsions,” said Guenther. “This shift can be attributed to multiple factors, including the evolution and accessibility of technology, the increased digitization of information, and the relative anonymity and safety of conducting espionage activities from afar, without the risk associated with having agents physically present in foreign territories.”

Guenther added it is “reasonable to theorize that the expulsion of human spies might drive a nation-state to compensate by increasing its digital espionage efforts; proving this causality is challenging, given the inherently clandestine nature of such activities.”

But, she noted, governments and organizations must understand that human and digital intelligence collection methods can complement each other. “Losing capabilities in one area might lead to a desire to bolster capabilities in the other,” she said. “Expelling physical spies could indeed lead to an increase in digital espionage activities. If Russia or any other nation-state loses its human assets in a foreign country, it might rely more on cyberintelligence gathering, which includes spying and disruptive activities.”

The assessment also noted a profound shift in the landscape. “Russia has destroyed the rules-based order for peace in Europe. The effectiveness of international forums for maintaining peace and security, such as the UN or the OSCE, has continued to decline; there are no signs of a stable new world order,” the FIS said.

Noting that “the rivalry between the great powers is leaving its mark on the current period of transition” as well as “a shift toward a bipolar world order shaped by the systemic rivalry between the USA and China,” the FIS said, “Russia’s war against Ukraine will remain the focal point in Switzerland’s security environment.”

That means it’s crucial for defenders to step up. “Cybersecurity professionals are employed to put in the proper controls, configurations and orchestration to thwart attacks, and in critical infrastructure, it is incumbent upon them to understand the very high level of responsibility they hold in protecting areas essential to national health, safety and defense,” said John Anthony Smith, CEO at Conversant Group. “While it seems obvious to say that they should place special emphasis on security at this time of heightened tensions, our position is that it is always essential to put 100% effort into protecting critical infrastructure because threat actors probe and make attack attempts virtually continuously and the consequences of complacency could be catastrophic (including, but not limited to, war).”

Avatar photo

Teri Robinson

From the time she was 10 years old and her father gave her an electric typewriter for Christmas, Teri Robinson knew she wanted to be a writer. What she didn’t know is how the path from graduate school at LSU, where she earned a Masters degree in Journalism, would lead her on a decades-long journey from her native Louisiana to Washington, D.C. and eventually to New York City where she established a thriving practice as a writer, editor, content specialist and consultant, covering cybersecurity, business and technology, finance, regulatory, policy and customer service, among other topics; contributed to a book on the first year of motherhood; penned award-winning screenplays; and filmed a series of short movies. Most recently, as the executive editor of SC Media, Teri helped transform a 30-year-old, well-respected brand into a digital powerhouse that delivers thought leadership, high-impact journalism and the most relevant, actionable information to an audience of cybersecurity professionals, policymakers and practitioners.

teri-robinson has 196 posts and counting.See all posts by teri-robinson